DevOps Tips & Articles on Martin Koníček | IT Strategie a Architektura

OpenClaw on Proxmox: Why You Should Never Trust Open-Source Scripts Blindly

Sat, 04 Apr 2026 00:00:00 +0000

I run a homelab on Proxmox. When I came across OpenClaw — an automated LXC setup script for a browser automation gateway — I wanted to get it running quickly. I pulled the script, ran it, and had a working container in minutes. Convenient. Also a security disaster waiting to happen.

Managing Kubernetes from Neovim: Installing kubectl.nvim on Ubuntu 24

Wed, 25 Mar 2026 00:00:00 +0000

kubectl.nvim is a Neovim plugin that lets you browse and manage Kubernetes clusters directly from your editor — without leaving your coding environment. This guide covers a complete setup from scratch on Ubuntu 24, including Neovim, lazy.nvim as the plugin manager, and kubectl.nvim itself with true color support.

Git-Crypt: Secure Secrets in Git Repos

Mon, 09 Mar 2026 00:00:00 +0000

Git-crypt provides transparent encryption for sensitive files within Git repositories, allowing teams to store secrets like API keys alongside public code without exposing them.

Resetting asciinema with Scroll Stacking

Sat, 10 Jan 2026 00:00:00 +0000

Your asciinema recording looks broken: newlines don’t work, old text gets overwritten, or the screen fills with garbage. This simple tutorial shows how to reset the terminal screen mid-recording using scroll stacking. Fix messy casts without starting over - just edit the file!

LVM2 Setup Tutorial for Ubuntu on Raspberry Pi

Fri, 09 Jan 2026 00:00:00 +0000

This tutorial details enabling LVM2 on Ubuntu for Raspberry Pi. Ubuntu kernels for Raspberry Pi include LVM2 drivers natively, so no kernel recompilation or creation of initrd initramfs needed.

Disabling Auto Leveling on Creality Ender 3 S1 Pro with PrusaSlicer and OctoPrint

Sun, 04 Jan 2026 00:00:00 +0000

This tutorial provides step-by-step instructions to disable auto bed leveling (G29 commands) on the Creality Ender 3 S1 Pro when using PrusaSlicer with OctoPrint integration. Newer versions of PrusaSlicer automatically insert G29 commands into the start G-code for printers with bed leveling capabilities, which can cause unwanted auto leveling cycles during prints. By switching to Expert mode and editing the Custom G-code in printer settings, you can remove these commands entirely while maintaining compatibility with OctoPrint for seamless print uploads and monitoring.

How to Forward MySQL Port 3306 from Ubuntu Host to LXD/LXC Container

Thu, 01 Jan 2026 00:00:00 +0000

Learn step-by-step how to expose your MySQL server running inside an LXD/LXC container on Ubuntu by creating a dedicated profile with a proxy device. This setup forwards traffic from the host’s port 3306 to the container’s MySQL instance, making it accessible externally without direct network bridging. Ideal for secure, isolated database hosting on any Ubuntu system.

Running OctoPrint in Docker on Raspberry Pi with auto‑start via udev

Sat, 13 Dec 2025 00:00:00 +0000

Use Docker and Docker Compose on Raspberry Pi to run OctoPrint in a container and automatically start it when your Creality Ender 3 Pro USB serial adapter appears.

5V UPS Solutions for Raspberry Pi in 2025: Beyond UPS HATs to Power Stations

Sat, 15 Nov 2025 00:00:00 +0000

As Raspberry Pi projects grow more complex and critical, reliable backup power solutions are essential. While UPS HATs have been popular for seamless power backup, their limited capacity often falls short for demanding or long-duration setups. In 2025, new trends favor compact power stations, 12V mini-UPS systems, and advanced DIY battery solutions — providing longer runtimes, better efficiency, and enhanced monitoring for your Raspberry Pi ecosystem.

5V UPS Solutions for Raspberry Pi: New Trends and Recommendations in 2025

AD Converter PCF8591 for Raspberry Pi

Sat, 15 Nov 2025 00:00:00 +0000

Have you ever wondered how to measure battery voltage with a Raspberry Pi? The PCF8591 ADC (Analog-to-Digital Converter) module, which can be purchased for as little as 2 USD, provides a simple solution for measuring analog voltages via I2C on your Raspberry Pi. This tutorial explains how it works, how to deal with higher voltages like those from a lead-acid battery, and how to calibrate the setup to get accurate readings.

Enabling Low-Range NodePorts Below 1024 in MicroK8s for Traefik Ingress

Sat, 15 Nov 2025 00:00:00 +0000

Discover how to configure MicroK8s to use NodePorts below 1024, a key step for setting up efficient ingress controllers like Traefik. This guide simplifies the process, ensuring a seamless integration of lower NodePorts in your Kubernetes environment.

HyperV VM Backup Workflow: Automated Disaster Recovery to AWS S3

Sat, 15 Nov 2025 00:00:00 +0000

Recently, I ran into challenges backing up my MicroK8S cluster hosted on HyperV (essentially, my desktop workstation). While searching for backup tools for Windows, I found that most consumer-grade solutions—including Ashampoo Backup—are lacking, particularly for robust S3 support.

OpenVPN Config Generator: Simplify Your VPN Setup with Static IPs and Automated Key Management

Sat, 15 Nov 2025 00:00:00 +0000

Configuring OpenVPN can often be a tedious task, especially when managing multiple clients with varying network settings. The OpenVPN Config Generator project offers a streamlined solution that automates key generation, static IP assignments, and configuration management to create your own private VPN LAN effortlessly.

Simple configuration generator for OpenVPN which supports static IPs, udp/tcp

GitHub Project

About project #

This config generator is type of a tool I was always looking for. Actually you do not have to type some command to generate every simple config and you have all clients configurations in one config file - YAML. Every time you run a config generator it looks to YAML for a new config entries and generates only them. It automatically generates all certificates, not just client, but also CA authority, server keys, etc.

SOPS Git Hooks for Kubernetes Secrets Management

Sat, 15 Nov 2025 00:00:00 +0000

I decided to build a Git-based tool to manage Kubernetes secrets more efficiently. The whole idea was to automatically encrypt password and value fields in my Kubernetes YAML and Helm files before committing them into Git, and decrypt them effortlessly when checking out.

Setting Up Custom SSL Authority for HTTPS on Nexus Sonatype

Thu, 13 Nov 2025 00:00:00 +0000

Configuring Nexus Sonatype to serve HTTPS traffic using a custom SSL certificate involves replacing the default Jetty configuration and keystore with your own. This allows you to use a certificate signed by your internal Certificate Authority (CA), improving security and trust within your network environment.

Configuring Sonatype Nexus as a DockerHub Proxy for MicroK8s: Safeguard Your Container Workflow

Wed, 05 Nov 2025 00:00:00 +0000

In the rapidly shifting landscape of container images, relying solely on DockerHub for your Kubernetes workflows exposes you to supply chain interruptions and image unavailability. Notably, the unpublishing of Bitnami images by Broadcom left many DevOps teams scrambling for alternatives and showcased the risks of relying on external registries. This guide walks you through configuring Sonatype Nexus as a DockerHub proxy for MicroK8s, ensuring your critical images remain available and under your own control.

Cleaning the containerd OverlayFS Directory in MicroK8s

Tue, 04 Nov 2025 00:00:00 +0000

Reclaiming disk space by safely resetting the containerd snapshotter storage without losing your Kubernetes configuration.

Troubleshooting Random Vim Help Pop-ups Caused by Nosleep Utilities

Mon, 03 Nov 2025 00:00:00 +0000

When using Vim inside a terminal emulator like PuTTY, users sometimes encounter the issue where the Vim help window randomly opens without user input. This problem is commonly caused by utilities designed to prevent the computer from sleeping or going idle—often called nosleep applications. These utilities send keystrokes such as Scroll Lock or Shift at intervals, which PuTTY configured with the terminal type “xterm” interprets incorrectly as the F1 key. Since F1 triggers the Vim help, the help window appears unexpectedly.

Running Raspberry Pi OS on QEMU x64: Emulating a Pi on Your Ubuntu PC

Fri, 31 Oct 2025 00:00:00 +0000

Running Raspberry Pi OS inside QEMU is a convenient way to test configurations or perform lightweight development without real hardware. However, the process can appear stalled during boot, especially when emulating ARM on x86_64. Here’s a step-by-step guide based on what worked for me when running Raspberry Pi OS under QEMU on an Ubuntu 24 system inside Hyper-V.

Installing RJ45 Wall Sockets into a Kopos 110 mm Cable Duct

Sun, 19 Oct 2025 00:00:00 +0000

When you want to integrate data outlets neatly into a trunking system, the combination of Kopos ducts and ABB Zoni components offers a professional and visually clean solution. This guide explains how to mount an RJ45 outlet into a 110 mm Kopos cable duct using specific parts from K&V Elektro and provides practical installation tips.

Monitoring and Automatic Restart of Services with systemd: Liveness and Readiness Probes

Sun, 12 Oct 2025 00:00:00 +0000

Maintaining the reliability of critical services often requires continuous monitoring of their health and automatic recovery in case of failures. While Kubernetes offers built-in liveness and readiness probes for containerized applications, Linux system administrators can implement similar health checks and automated restarts for services managed by systemd. This article explores practical ways to perform health monitoring using systemd, focusing on DNS availability checks as an example, and how to configure systemd to automatically restart services that become unhealthy.

Installing BuildKit Rootless on Ubuntu

Wed, 01 Oct 2025 00:00:00 +0000

Running BuildKit in rootless mode increases your security and flexibility when building container images, especially on multi-user systems or CI environments where root privileges are restricted. This method uses a dedicated user and systemd service for isolation and automation, ensuring clean operation without elevated permissions. Docker is installed to provide a familiar runtime for container operations, while RootlessKit bridges the gap needed for rootless containerization.

Nexus Installation and Configuration Tutorial on Ubuntu with PostgreSQL

Wed, 17 Sep 2025 00:00:00 +0000

This tutorial guides through installing Sonatype Nexus Community Edition on Ubuntu with PostgreSQL, configuring permissions, setting up reverse proxy with Nginx, and optimizing Nexus settings.

KeePass Batch Scripting for Secure and Automatic Database Unlock at Boot or Login

Mon, 01 Sep 2025 00:00:00 +0000

If you use KeePass to manage your passwords, you can securely automate database unlocking at boot or login using the {PASSWORD_ENC} placeholder. This guide combines best practices, official documentation, and user insights, and now also explains how to set up your script to run automatically from the Windows Startup folder. Additionally, it details how KeePass’s Auto-Type feature works, including window title matching for automatic credential filling.

Monitoring backups on Proxmox using Nagios

Wed, 27 Aug 2025 00:00:00 +0000

Nagios can remotely monitor a Proxmox server by running custom scripts via the NRPE agent. For backups, the goal is to calculate the total size of files in the backup directory modified in the last 7 days and alert if the backup size falls below or exceeds desired thresholds.

Looking Far Ahead: How to Plan for the Next 10 Years

Sat, 09 Aug 2025 00:00:00 +0000

Planning ten years into the future is much like driving fast on a highway. When you want to travel quickly and safely, you don’t focus on the road right in front of your car—you look far ahead, half a kilometer down the road. This distant gaze helps you anticipate curves, obstacles, and opportunities, allowing you to make better decisions in the present.

How to Automatically Monitor and Restart a WireGuard Tunnel on MikroTik

Sun, 27 Jul 2025 00:00:00 +0000

Keeping your VPN connections robust is essential, especially when using WireGuard tunnels for remote access, site-to-site links, or secure communications. Like many network admins, I’ve faced the frustration of a WireGuard tunnel dropping—often at the least convenient moment. Performing a manual restart on the MikroTik each time is time-consuming and error-prone. This article walks you through a fully automated solution: continuously check the connection from a Linux server and, if needed, remotely restart the MikroTik WireGuard server—using secure workflows and best practices.

My Experience: Ensuring Reliable External USB Storage

Fri, 25 Jul 2025 00:00:00 +0000

As someone who regularly experiments with homelab setups, I wanted to expand my storage by attaching a 2TB SATA drive in an externally powered AXAGON USB 3.0 enclosure to my Odroid H4 Ultra Pro (an x86 mini-PC), running Proxmox VE. On paper, with external power and a quality enclosure, I expected flawless operation—however, I encountered a range of classic USB storage issues. Here’s my real-world troubleshooting journey and the persistent solutions I adopted.

Monica CRM - SMTP SSL Certificate Verification Error

Thu, 24 Jul 2025 00:00:00 +0000

Monica CRM is a privacy-focused personal relationship manager. Successfully configuring outbound email is essential for notifications and automations. One of the most common issues for new users is encountering errors related to SSL or STARTTLS when setting up SMTP delivery. This guide provides step-by-step instructions, optimal configuration examples using environment variables, and explanations to help ensure your Monica CRM deployment sends emails reliably.

Evolution of DNS and the Cursed systemd-resolved

Sat, 19 Jul 2025 00:00:00 +0000

Looking back at our technical beginnings, most of us remember relying on the resolv.conf file. This small but powerful file was our window into the world of DNS—it was our personal guide, helping us translate domain names into IP addresses. Every administrator, whether experienced or a novice, had to work with it at some point. Then systemd arrived, bringing systemd-resolved, and our beloved resolv.conf started behaving like an old friend who suddenly decided not to be as reliable as we thought.

Self-Hosted GitHub Action Runner on Kubernetes

Mon, 19 May 2025 00:00:00 +0000

I recently set up a self-hosted GitHub Action Runner on Kubernetes using the Action Runner Controller, aiming for more control over my CI/CD pipeline. This involved configuring Kubernetes with DNS, ingress, and microk8s, and securing my private Docker registry with TLS and a custom Certificate Authority.

Create GitHub App and Secrets #

On your repository, go to Developer settings and create and install a GitHub App. You will obtain the necessary details for creating a Kubernetes secret:

SSH in Visual Studio Code with KeePass

Mon, 19 May 2025 00:00:00 +0000

Remote SSH extension in Visual Studio Code allows you to directly edit files on a Linux machine and access the Linux console from your Windows workstation. For the best comfort when accessing a remote SSH server from Visual Studio Code, use KeePass with KeeAgent, which works as an SSH agent. Why Use KeePass and KeeAgent?

WebSocket Connection to WireGuard

Mon, 19 May 2025 00:00:00 +0000

In some countries (e.g. Egypt) or some hotels, VPN connections are blocked and the only possibility is to tunnel them through WebSocket. In this article, I will focus on that.

How I Used HashiCorp Vault and External Secrets Operator

Fri, 09 May 2025 00:00:00 +0000

When building a Kubernetes deployment for an application using MySQL, I initially considered using a ConfigMap to store my database connection details. However, I quickly ran into a problem: ConfigMaps are not designed for sensitive data like passwords, and more importantly, I was using Argo CD for GitOps.

RPI Zero Ethernet Gadget Mode

Tue, 06 May 2025 00:00:00 +0000

Using USB Gadget Mode on Raspberry Pi Zero for SSH/RDP Access on Windows 11 #

The Raspberry Pi Zero is a versatile device that can be configured to act as a USB Ethernet gadget, allowing you to connect to it via SSH or RDP over a single USB cable. This is especially useful when you want a direct network connection without additional hardware. In this article, we will guide you through setting up the Pi Zero in USB gadget mode and installing the necessary Windows 11 drivers for seamless connectivity.

Fire! Except, not at all. 🔥🚫

Sat, 05 Apr 2025 00:00:00 +0000

Titanic-do you know what made this ship unique and why it hit the iceberg? 🚢🧊 The Titanic was unique because it was huge, and if you needed to turn it, it took several kilometers. That’s why it hit the iceberg, even though the captain knew about it long before. 🛑👨‍✈️

Loki, Promtail and Syslog

Wed, 12 Mar 2025 00:00:00 +0000

On my home server, I was slowly getting annoyed that I didn’t really have an idea of what was happening in the syslog, and when an application, for example, throws an Out of memory error, I simply don’t know about it. That’s why I decided to send syslog to Promtail, which pushes it to Loki (Grafana) and processes it.

Outdated library in my scraper

Sat, 08 Mar 2025 00:00:00 +0000

Today I discovered that a container in my home Kubernetes crashed, which is responsible for downloading the price of the SP500 ETF fund, which is then taken by Prometheus and passed to my Grafana.

MicroK8s and DockerHub

Sun, 02 Mar 2025 00:00:00 +0000

If you work with Docker, you’ve surely noticed recently that DockerHub requires authentication when you download a bit more from it. In this article, I’ve decided to describe how to handle this in connection with MicroK8s.

The first thing we need to modify is the file /var/snap/microk8s/current/args/certs.d/docker.io/hosts.toml. If any subdirectory or file doesn’t exist, create it. The file should look like this:

server = "https://docker.io"

[host."https://registry-1.docker.io"]
  capabilities = ["pull", "resolve"]
  [host."https://registry-1.docker.io".auth]
    username = "YOUR_DOCKERHUB_USERNAME"
    identitytoken = "dckr_pat_TOKEN"

You need to generate a token on the DockerHub website. You can do this by clicking on Account -> Personal Access Tokens

Work on Home Server

Sun, 02 Mar 2025 00:00:00 +0000

So today I was working on my home server, and I accidentally discovered from monitoring that some services weren’t running. Since my home Kubernetes server is more for playing around, but also hosts some public things, I get messages from Nagios once every 24 hours, so it doesn’t disturb me too much, but at the same time makes me aware of the need to address issues.

My Home Server with Kubernetes

Thu, 20 Feb 2025 00:00:00 +0000

It’s true that I run my own server with Kubernetes at home, but what does it actually look like, and what do I test on it? At the beginning, I built an “enterprise” solution that is on the level of large corporations, at least on the surface - I have my own repository for OCI images, my own pipelines in GitHub for creating OCI images, and even my own installation of ArgoCD.

How to Connect to an SSH/RDP Server in Azure with a Proxy

Fri, 14 Feb 2025 00:00:00 +0000

If you ever want to connect to a virtual machine in Azure from a corporate network and you don’t have a dedicated line or dedicated IP, you’ll likely run into issues. You’ll be behind a corporate proxy and won’t be able to get out easily, nor can you expect anyone to allow you access to all SSH or RDP ports on the external network.

I Wrote My Own Bookmark Management Application

Sat, 08 Feb 2025 00:00:00 +0000

Recently, I’ve been dealing with an interesting problem. I have a large number of websites that I want to randomly visit a few of each day. It’s not an unsolvable problem - I copied the sites into Google Sheets and used ChatGPT to write a script that randomly selects ten sites and opens them in a new window.

DevOps Tips & Articles on Martin Koníček | IT Strategie a Architektura

OpenClaw on Proxmox: Why You Should Never Trust Open-Source Scripts Blindly

Managing Kubernetes from Neovim: Installing kubectl.nvim on Ubuntu 24

Git-Crypt: Secure Secrets in Git Repos

Resetting asciinema with Scroll Stacking

LVM2 Setup Tutorial for Ubuntu on Raspberry Pi

Disabling Auto Leveling on Creality Ender 3 S1 Pro with PrusaSlicer and OctoPrint

How to Forward MySQL Port 3306 from Ubuntu Host to LXD/LXC Container

Running OctoPrint in Docker on Raspberry Pi with auto‑start via udev

5V UPS Solutions for Raspberry Pi in 2025: Beyond UPS HATs to Power Stations

AD Converter PCF8591 for Raspberry Pi

Enabling Low-Range NodePorts Below 1024 in MicroK8s for Traefik Ingress

HyperV VM Backup Workflow: Automated Disaster Recovery to AWS S3

OpenVPN Config Generator: Simplify Your VPN Setup with Static IPs and Automated Key Management

About project #

SOPS Git Hooks for Kubernetes Secrets Management

Setting Up Custom SSL Authority for HTTPS on Nexus Sonatype

Configuring Sonatype Nexus as a DockerHub Proxy for MicroK8s: Safeguard Your Container Workflow

Cleaning the containerd OverlayFS Directory in MicroK8s

Troubleshooting Random Vim Help Pop-ups Caused by Nosleep Utilities

Running Raspberry Pi OS on QEMU x64: Emulating a Pi on Your Ubuntu PC

Installing RJ45 Wall Sockets into a Kopos 110 mm Cable Duct

Monitoring and Automatic Restart of Services with systemd: Liveness and Readiness Probes

Installing BuildKit Rootless on Ubuntu

Nexus Installation and Configuration Tutorial on Ubuntu with PostgreSQL

KeePass Batch Scripting for Secure and Automatic Database Unlock at Boot or Login

Monitoring backups on Proxmox using Nagios

Looking Far Ahead: How to Plan for the Next 10 Years

How to Automatically Monitor and Restart a WireGuard Tunnel on MikroTik

My Experience: Ensuring Reliable External USB Storage

Monica CRM - SMTP SSL Certificate Verification Error

Evolution of DNS and the Cursed systemd-resolved

Self-Hosted GitHub Action Runner on Kubernetes

Create GitHub App and Secrets #

SSH in Visual Studio Code with KeePass

WebSocket Connection to WireGuard

How I Used HashiCorp Vault and External Secrets Operator

RPI Zero Ethernet Gadget Mode

Using USB Gadget Mode on Raspberry Pi Zero for SSH/RDP Access on Windows 11 #

Fire! Except, not at all. 🔥🚫

Loki, Promtail and Syslog

Outdated library in my scraper

MicroK8s and DockerHub

Work on Home Server

My Home Server with Kubernetes

How to Connect to an SSH/RDP Server in Azure with a Proxy

I Wrote My Own Bookmark Management Application

Installing RJ45 Wall Sockets into a Kopos 110 mm Cable Duct